[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor -> VPN Clarification

On 01/30/2015 10:42 PM, grarpamp wrote:
> On Fri, Jan 30, 2015 at 9:25 PM, Mirimir <mirimir@xxxxxxxxxx> wrote:
>> On 01/30/2015 06:19 PM, Seth wrote:
>>> If I remember correctly it has to do with the ability to correlate VPN
>>> traffic on the last 'leg' of the connection from you to your VPN
>>> provider vs traffic on the last leg of journey from Tor exit to your
>>> desired destination.
>> How is that any worse than adversaries correlating traffic between your
>> ISP and entry guards with traffic between exit nodes and destinations?
>> Tor is by definition vulnerable to such adversaries.
>> I've been thinking about testing such matters.
>> What's the best open-source software for traffic correlation?
>> actually usable without coding from basic principles.
> Ask the NSA.


> They're about the only ones with need for such tools.

Don't we all need them? Without some decent tool, how can we distinguish
total overkill from pathetic fail? For sure, I'm just an amateur. But
that said, if I can break something, I know that it's pathetic. I just
want a decent hammer ;)

> You might make some basic proof of example with netflow
> tools whether as in unix kernel and/or third party, plus the free splunk.
> Watch your own service plus you and ten of your friends accessing it
> simultaneously.

Renting VPS is less complicated, and dumpcap with ring buffer is
convenient for capturing. I can export throughput in Wireshark. I take a
sample from one capture, multiply it by a same-length sliding window
from another capture, and look at sums vs offset. I've put an example
here: http://lwcl5doqq2uzjmom.onion/Dot-Product-Example.html

I did that in Excel, and it was tedious. But considering your suggestion
re splunk, now I'm wondering whether MySQL would be easier and faster.

> Give a presentation at a con, maybe they'll recruit you :)

Mirimir doesn't appear in public ;)
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to